* [PATCH 1/1] FS/JBD:replace count*size kmalloc by kmalloc_array
@ 2014-06-25 18:49 Fabian Frederick
2014-06-26 1:17 ` Theodore Ts'o
0 siblings, 1 reply; 2+ messages in thread
From: Fabian Frederick @ 2014-06-25 18:49 UTC (permalink / raw)
To: linux-kernel; +Cc: Fabian Frederick, Andrew Morton, Jan Kara
kmalloc_array manages count*sizeof overflow.
This patch also fixes checkpatch warnings:
ERROR: "(foo*)" should be "(foo *)"
Cc: Andrew Morton <akpm@linux-foundation.org>
Cc: Jan Kara <jack@suse.cz>
Signed-off-by: Fabian Frederick <fabf@skynet.be>
---
fs/jbd/journal.c | 6 ++++--
fs/jbd/revoke.c | 2 +-
2 files changed, 5 insertions(+), 3 deletions(-)
diff --git a/fs/jbd/journal.c b/fs/jbd/journal.c
index 06fe11e..26ebba7 100644
--- a/fs/jbd/journal.c
+++ b/fs/jbd/journal.c
@@ -810,7 +810,8 @@ journal_t * journal_init_dev(struct block_device *bdev,
journal->j_blocksize = blocksize;
n = journal->j_blocksize / sizeof(journal_block_tag_t);
journal->j_wbufsize = n;
- journal->j_wbuf = kmalloc(n * sizeof(struct buffer_head*), GFP_KERNEL);
+ journal->j_wbuf = kmalloc_array(n, sizeof(struct buffer_head *),
+ GFP_KERNEL);
if (!journal->j_wbuf) {
printk(KERN_ERR "%s: Can't allocate bhs for commit thread\n",
__func__);
@@ -871,7 +872,8 @@ journal_t * journal_init_inode (struct inode *inode)
/* journal descriptor can store up to n blocks -bzzz */
n = journal->j_blocksize / sizeof(journal_block_tag_t);
journal->j_wbufsize = n;
- journal->j_wbuf = kmalloc(n * sizeof(struct buffer_head*), GFP_KERNEL);
+ journal->j_wbuf = kmalloc_array(n, sizeof(struct buffer_head *),
+ GFP_KERNEL);
if (!journal->j_wbuf) {
printk(KERN_ERR "%s: Can't allocate bhs for commit thread\n",
__func__);
diff --git a/fs/jbd/revoke.c b/fs/jbd/revoke.c
index 8898bbd..7374a57 100644
--- a/fs/jbd/revoke.c
+++ b/fs/jbd/revoke.c
@@ -241,7 +241,7 @@ static struct jbd_revoke_table_s *journal_init_revoke_table(int hash_size)
table->hash_size = hash_size;
table->hash_shift = ilog2(hash_size);
table->hash_table =
- kmalloc(hash_size * sizeof(struct list_head), GFP_KERNEL);
+ kmalloc_array(hash_size, sizeof(struct list_head), GFP_KERNEL);
if (!table->hash_table) {
kmem_cache_free(revoke_table_cache, table);
table = NULL;
--
1.9.1
^ permalink raw reply related [flat|nested] 2+ messages in thread
* Re: [PATCH 1/1] FS/JBD:replace count*size kmalloc by kmalloc_array
2014-06-25 18:49 [PATCH 1/1] FS/JBD:replace count*size kmalloc by kmalloc_array Fabian Frederick
@ 2014-06-26 1:17 ` Theodore Ts'o
0 siblings, 0 replies; 2+ messages in thread
From: Theodore Ts'o @ 2014-06-26 1:17 UTC (permalink / raw)
To: Fabian Frederick; +Cc: linux-kernel, Andrew Morton, Jan Kara
On Wed, Jun 25, 2014 at 08:49:06PM +0200, Fabian Frederick wrote:
> kmalloc_array manages count*sizeof overflow.
Except in these call sites, overflow is impossible.
kmalloc_array() is useful when count is coming from an unvalidated
source. But in this case, the count is either a fixed, hard-coded
value (256), or the size of n*count is *guaranteed* to be less than
the page size.
So this just adds some extra code which is pointless (assuming the
compiler isn't smart enough to optimize it out).
- Ted
^ permalink raw reply [flat|nested] 2+ messages in thread
end of thread, other threads:[~2014-06-26 1:17 UTC | newest]
Thread overview: 2+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2014-06-25 18:49 [PATCH 1/1] FS/JBD:replace count*size kmalloc by kmalloc_array Fabian Frederick
2014-06-26 1:17 ` Theodore Ts'o
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox